Short Name |
HTTP:PFSENSE-ZONE-CSS2 |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
pfSense WebGUI Zone Parameter Cross-Site Scripting2 |
Release Date |
2016/09/13 |
Update Number |
2777 |
Supported Platforms |
A cross-site scripting vulnerability has been reported in pfSense. The vulnerability is due to services_captiveportal_zones.php not validating the zone parameter when the act parameter is set to del. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted link. Successful exploitation will result in the attacker-controlled script code being executed in the target user's browser in the context of the affected site.